Authentication. For e-mail providers and Internet engineers, it's the next big thing in the battle against spam. But while everyone seems to agree on the need to link e-mail addresses to real people and institutions, there isn't much agreement on how best to do it, as evidenced by a dust-up between two industry heavyweights last week.
The idea behind e-mail authentication is to create a system that would electronically track the origins of e-mail messages. Under the current e-mail protocols, it's ridiculously easy to fake the "from" information in an e-mail message, which allows spammers to mislabel their messages with impunity. Rather than try to pick those forged messages out of the ether, an authentication scheme would allow service providers to identify legitimate messages, passing them along to recipients without putting them through an anti-spam gauntlet.
| || |
__ Subscribe Now __ You are reading the weekly Tech Policy and Security E-letter. Written by washingtonpost.com's tech policy team, the e-mail version of this feature includes links to all the top technology policy stories from the previous week.
Click Here for Free Sign-up
All of the major e-mail providers are working on some form of authentication technology, and the Federal Trade Commission last week finalized plans to hold an authentication "summit" in November.
But in order for an authentication system to work, a majority of e-mail providers will need be on the same technological page -- a goal that may have suffered a blow last week when America Online publicly announced that it wouldn't be using an authentication scheme championed by Microsoft Corp.
Microsoft has developed a technology called Sender ID that links e-mail addresses to Internet protocol numbers, which are much more difficult to forge. But Microsoft's patent application, released last week, could exacerbate existing concerns in the e-mail community about the technology being the sole property of the software giant. Shortly after the patent request emerged, AOL said it wouldn't be using the protocol.
All of this sets the stage for a fairly rancorous meeting when all the major players gather at the FTC forum in Washington on Nov. 9, but observers say the AOL-Microsoft flap won't stop the inexorable drive toward authentication.
"I think we aren't moving backwards. The ruckus around Sender ID was basically short-circuiting what a lot of us saw as an unfortunate turn toward a more proprietary approach," said Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial Email. "Sooner or later people were going to realize that putting everything in the basket of a bunch of intellectual property licensed to you by Microsoft is not the best solution."
Everett-Church also works for a company called ePrivacy Group that is backing an open-source authentication standard.
For its part, Microsoft says the latest iteration of Sender ID can coexist with other authentication standards, regardless of whether companies like AOL adopt the proprietary technology.
--David McGuire, washingtonpost.com Staff Writer